Conventional wisdom assures us that nearly every business today should have a data protection strategy in place. It’s 2022, after all, and we all know that data theft and ransomware attacks are on the rise. But a new survey from Odaseva and Dimensional Research, an independent research firm specializing in enterprise technology, says otherwise.
According to the survey, 57% of business leaders say they have SaaS data that remains unprotected, and just half of those whose SaaS data had been successfully taken during an attack say they were able to recover it all.
Odaseva and Dimensional Research surveyed executives and managers of companies with more than 10,000 employees, focusing their questions on how ransomware attacks affected their organization’s SaaS data. The group found that ransomware attacks targeted data in different types of environments, however, attacks on SaaS data succeeded more than attacks on any other environment.
In a blog post on the company’s website, Odaseva’s Chief Marketing Officer Remy Claret said cybercriminals today are aware that more businesses are using SaaS applications to run mission-critical processes, and as a result, SaaS data is now being targeted in more than half of all ransomware attacks.
Seventy-nine percent of businesses said it took days, weeks, months, or longer to recover data after a ransomware attack—and that’s if it could be recovered at all—highlighting the importance of investing in effective backup and restoration solutions. During that downtime, companies suffer from service interruptions and an overall lack of business continuity.
A separate report, this one from Varonis, found that the average company with data in the cloud has 157,000 sensitive records exposed by SaaS application sharing features, which represents $28 million in data-breach risk.
Of course, not every data outage is malicious. Businesses lose access to data stored in SaaS applications for all different types of reasons — from innocent mistakes made by employees to systemwide errors. Back in April, the software company Atlassian experienced a two-week outage caused by something as simple as a faulty script. That seemingly-minor issue impacted hundreds of Atlassian Cloud customers.
Preventing Outages and Data Loss
Unfortunately, preventing all data loss is more challenging when you’re dealing with SaaS applications versus on-premise. Internal IT departments have limited control over the ways in which SaaS applications allow users to back up their data.
IT departments typically rely on APIs to back up and restore SaaS data, but most API calls have hard caps, and it’s up to SaaS providers to make sure API resources are available for all customers when they need them.
With small and mid-size businesses running dozens, if not more, SaaS applications at any given time, it’s up to their internal IT teams to stay on top of APIs with different capabilities and limitations.
While it’s clear that SaaS data needs to be protected, it’s not clear just how business leaders should move forward in achieving that goal. Building a SaaS backup solution that meets a company’s needs is a more complicated process than most small and mid-sized businesses realize, and it requires having a strategic plan for API management.
